I NFC payments (near field communication) they are very comfortable: just place your credit/debit card (or smartphone) on the POS device and voilà, payment made. But how safe is this operation? In general, the close distance required to make an NFC payment makes the operation much safer than traditional payments… or at least until the advent of a new malware: NGate.
NGate, discovered by ESET and used in a cybercrime campaign targeting customers of three banks in the Czech Republic, is a malware for android devices that succeeds, Thanks to the NFC capabilities of smartphones, it is possible to clone credit and debit cardsand send the stolen data to the attacker’s smartphone.
The main goal of the campaign was to facilitate unauthorized withdrawals from the victims’ banks. All the criminal has to do is trick a victim into downloading a compromised application (containing malware), wait for the victim’s smartphone to come into contact with a credit/debit carde let NGate do its jobcloning the card data and sending it to the criminal.
How NGate Infiltrates Smartphones of Unsuspecting Victims
Table of Contents
How does NGate get onto a victim’s smartphone? With some good old social engineering.
The victim, induced by the criminal to believe that communicate with your bankdownloads and installs an application with a logo and interface similar to the legitimate bank application from a link sent via SMS by the criminal. Afterwards, the criminal requests additional information from the victim, such as the card pinand proceeds to clone the credit/debit card using the malware present in the compromised application.
Once the credit/debit card details are obtained, the criminal can use your smartphone with NFC connectivitycontaining the data of the cloned card, to make payments and bank withdrawals.
Browse Safely with Nord VPN, Get Up to 71% Off from This Link
“We have never seen this NFC redirection technique in any previously discovered Android malware. The technique relies on a tool called NFCGatedesigned by students at the Technical University of Darmstadt, Germany, to capture, analyze or alter NFC traffic; that’s why we called this new malware family NGate”he stated Lukáš Štefanko, Senior Malware Researcher at ESET who discovered the new threat.
Now the reign of terror is over, thanks to ESET research
ESET first identified the NGate malware in November 2023and believes that criminal activities were suspended after thearrest of a suspect in March 2024.
From the analysis carried out by the company, it appears that the malware had been distributed via short-lived domains that mimic legitimate banking websites or official mobile banking apps available in the Google Play Store.
However, cybercrime campaigns were underway long before NGate existed.. ESET has in fact discovered that the criminals initially exploited the potential of Progressive Web Apps (PWA)that is, web pages that behave like apps, only to then refine their strategies using a more sophisticated version of PWA known as WebAPKs. Ultimately, the operation culminated in the deployment of the NGate malware.
NGate in action: here it is cloning an RFID tag
How to protect yourself from threats like NGate?
Although the Czech cybercrime campaign is now over, NGate and similar malware continue to pose a serious threat globally. To protect yourself from this type of attack, ESET provides some useful tips to adopt, which we report below.
Let us always remember verify the authenticity of the websites we visitespecially when they ask for sensitive information, such as banking details. This can be done by checking the URL to make sure the site is not a fake version of a real one.
Similar to the previous arrangement is that of Download applications only from official sourcessuch as the Google Play Store. This precaution significantly reduces the risk of installing malicious software without knowing it.
Let’s not forget about enable security features present in our devices or use third-party applications (checking their origin!) that can block the download and installation of unwanted software and malware, such as NGate.
Let us remember turn off the NFC function on devices when it is not needed. This helps prevent unauthorized access or data transfer via NFC. We also consider use radio frequency identification (RFID) card holders or protectorswhich create a barrier that blocks unwanted RFID scans, preventing anyone from stealing NFC data from the card.
Finally, let’s try to prefer digital versions of cards over physical onesVirtual cards are stored securely on your device and can be protected by additional security measures, such as biometric authentication, making them a more secure and convenient solution than traditional physical cards.
For more information on NGate and an in-depth technical analysis, we invite you to read the full research available on ESET website.
Last updated 2024-09-17 / Affiliate links / Images from Amazon Product Advertising API
Stay up to date by following us on Google News!
Follow!
Don’t miss this week on Techprincess
🧑⚖️ California Passes Law to Regulate AI Models
📃Pavel Durov under indictment: the charges for the Telegram CEO
📱Google Pixel 9 Pro XL Review: A Promise for the Future
🎮We tried Deadlock, the new Hero Shooter from Valve
🎙️But did you know that Fjona also has her own newsletter?! Subscribe to SuggeriPODCAST!
📺 You can also find Fjona on RAI Play with Touch – Fingerprint!
💌 We solve your heart problems with B1NARY
🎧 Listen to our unmissable podcast The life of Tech
💸And you find some interesting offers on Telegram!
Source
NGate Android malware relays NFC traffic to steal cash
– What are the symptoms of an NFC payment malware infection?
The Rise of NGate: Uncovering the Dangers of NFC Payment Malware
In the era of contactless payments, Near Field Communication (NFC) technology has made transactions faster and more convenient. Simply place your credit/debit card or smartphone near a Point of Sale (POS) device, and the payment is made. However, the emergence of a new malware, NGate, has raised concerns about the safety of NFC payments.
What is NGate Malware?
NGate, discovered by cybersecurity firm ESET, is a malware designed to target Android devices. It exploits the NFC capabilities of smartphones to clone credit and debit cards, sending the stolen data to the attacker’s smartphone. The primary goal of this cybercrime campaign is to facilitate unauthorized withdrawals from victims’ bank accounts.
How NGate Works
The malware spreads through social engineering tactics, where victims are tricked into downloading a compromised application that mimics a legitimate banking app. Once installed, the malware waits for the victim’s smartphone to come into contact with a credit/debit card, then clones the card data and sends it to the criminal. The criminal can then use the stolen information to make payments and bank withdrawals using the victim’s cloned card.
The Rise of NGate
The NGate malware family was first identified in November 2023, and ESET believes that criminal activities were suspended after the arrest of a suspect in March 2024. The malware was distributed via short-lived domains that mimic legitimate banking websites or official mobile banking apps available in the Google Play Store.
A Brief History of Cybercrime Campaigns
Before NGate, cybercrime campaigns were underway, exploiting the potential of Progressive Web Apps (PWA) and WebAPKs. These techniques were used to target victims, leading to the deployment of the NGate malware.
How to Stay Safe from NGate
To protect yourself from NGate and similar malware:
- Verify the authenticity of banking apps: Ensure that you download banking apps from official sources, such as the Google Play Store or App Store.
- Be cautious of suspicious links: Avoid clicking on links sent via SMS or email that request you to download banking apps or provide sensitive information.
- Keep your device and antivirus software up to date: Regularly update your device’s operating system and antivirus software to ensure you have the latest protection against malware.
- Use two-factor authentication: Enable two-factor authentication to add an extra layer of security to your banking apps.
Conclusion
The rise of NGate serves as a reminder to stay vigilant in the face of emerging cyber threats. As NFC payments become more widespread, it is crucial to prioritize security and take proactive measures to protect yourself from malware attacks. By staying informed and taking necessary precautions, you can ensure a safer and more secure digital experience.
Stay Safe Online with Nord VPN
Browse safely and securely with Nord VPN, a trusted and reliable virtual private network (VPN) provider. Get up to 71% off from this link.
Note: This article is optimized for search engines with relevant keywords, meta descriptions, and optimized header tags to improve its visibility and readability.
